f13995db4175e5dbea232776fbbb6758bfed8fe0ba70eaf390b6008a453af7c4 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

DriversClo...1).exe

windows10-2004-x64

Sharing

General

Target

DriversCloud_Win (1).exe
Size

401KB
Sample

230331-wa9k2ade2z
MD5

cb7e8b7b7fabe00a2f29a92720b8317e
SHA1

87a4aef2a9f882b64cf01e66ff1714340f78d500
SHA256

f13995db4175e5dbea232776fbbb6758bfed8fe0ba70eaf390b6008a453af7c4
SHA512

85f92959d59a94dc5df1a10805337348a08b39c34ab65fbb04dda40a8ce9818b0b15838af380509e310b9e72589acc9f8af12a6013824ea1eb9d3c72f3cbae06
SSDEEP

6144:egORaDUgROThd4y62ucdOr+9Jb+Nhqnu2Y3klAv6bz58WNa33K:egHHRSd4zLuOqJb+N6Y3AAv6h8W63K

Score

8^/10

bootkit discovery persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

DriversCloud_Win (1).exe

Resource

win10v2004-20230220-en

bootkit discovery persistence upx

windows10-2004-x64

26 signatures

300 seconds

Malware Config

Targets

- Target
  
  DriversCloud_Win (1).exe
- Size
  
  401KB
- MD5
  
  cb7e8b7b7fabe00a2f29a92720b8317e
- SHA1
  
  87a4aef2a9f882b64cf01e66ff1714340f78d500
- SHA256
  
  f13995db4175e5dbea232776fbbb6758bfed8fe0ba70eaf390b6008a453af7c4
- SHA512
  
  85f92959d59a94dc5df1a10805337348a08b39c34ab65fbb04dda40a8ce9818b0b15838af380509e310b9e72589acc9f8af12a6013824ea1eb9d3c72f3cbae06
- SSDEEP
  
  6144:egORaDUgROThd4y62ucdOr+9Jb+Nhqnu2Y3klAv6bz58WNa33K:egHHRSd4zLuOqJb+N6Y3AAv6h8W63K
Score

8^/10

bootkit discovery persistence upx
- Downloads MZ/PE file
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

© 2018-2024

Terms | Privacy